Mailing-List: contact allura-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: allura-dev@incubator.apache.org
Received-SPF: pass (athena.apache.org: domain of noreply@sourceforge.net
 designates 216.34.181.60 as permitted sender)
Content-Type: multipart/related;
 boundary="===============5660432398249352117=="
MIME-Version: 1.0
To: "[allura:tickets] " <6595@tickets.allura.p.re.sf.net>
From: "Dave Brondsema" <brondsem@users.sf.net>
Reply-To: "[allura:tickets] " <6595@tickets.allura.p.re.sf.net>
Subject: [allura:tickets] #6595 Prevent spiders from requesting tarballs
Message-ID: 
 </p/allura/tickets/6595/4f6106a979d15a03379d4a2d9e4547164076929a.tickets@allura.p.sourceforge.net>
Date: Mon, 26 Aug 2013 22:43:53 +0000

--===============5660432398249352117==
Content-Type: multipart/alternative;
 boundary="===============6377937189874436259=="
MIME-Version: 1.0

--===============6377937189874436259==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

If I do a GET on a rev that has no tarball ever requested, it says "Checking snapshot status..." and does ajax checks which return 'na' over and over.  We need some way let the user request the snapshot (put a POST form button right on that page?).

A smaller initial delay is great, but `// Check tarball status every 5 seconds` should be removed since it's inaccurate now.  The upper limit of 600,000ms seems pretty high too, might be good to drop that down while you're in there.


---

** [tickets:#6595] Prevent spiders from requesting tarballs**

**Status:** in-progress
**Labels:** stability 
**Created:** Thu Aug 22, 2013 03:43 PM UTC by Dave Brondsema
**Last Updated:** Mon Aug 26, 2013 02:02 PM UTC
**Owner:** Tim Van Steenburgh

The following are examples of spiders requesting tarball creation.  This is unnecessary and a waste of resources.  We should make it not possible.  We already have `rel=nofollow` but that apparently isn't working. I think the best solution is to require the URL to be a POST.

~~~~
"GET /p/z-i/code-0/208/tarball HTTP/1.0" 200 16400 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
"GET /p/jhotdraw/svn/729/tarball HTTP/1.0" 200 17834 "-" "msnbot/0.01 (+http://search.msn.com/msnbot.htm)"
"GET /p/fourpane/git4pane/ci/ec65df3a5ff2ec7be011c0722286e766c2b76d94/tarball HTTP/1.0" 200 18137 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http://www.majestic12.co.uk/bot.php?+)"
"GET /u/lluct/me722-cm/ci/0aa649648a00979ad6ca9e9d61df4e44eb694259/tarball?path=/external/clang HTTP/1.0" 200 17918 "-" "YisouSpider"
~~~~


---

Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
--===============6377937189874436259==
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<div class="markdown_content"><p>If I do a GET on a rev that has no tarball ever requested, it says "Checking snapshot status..." and does ajax checks which return 'na' over and over.  We need some way let the user request the snapshot (put a POST form button right on that page?).</p>
<p>A smaller initial delay is great, but <code>// Check tarball status every 5 seconds</code> should be removed since it's inaccurate now.  The upper limit of 600,000ms seems pretty high too, might be good to drop that down while you're in there.</p>
<hr />
<p><strong> <a class="alink" href="http://sourceforge.net/p/allura/tickets/6595/">[tickets:#6595]</a> Prevent spiders from requesting tarballs</strong></p>
<p><strong>Status:</strong> in-progress<br />
<strong>Labels:</strong> stability <br />
<strong>Created:</strong> Thu Aug 22, 2013 03:43 PM UTC by Dave Brondsema<br />
<strong>Last Updated:</strong> Mon Aug 26, 2013 02:02 PM UTC<br />
<strong>Owner:</strong> Tim Van Steenburgh</p>
<p>The following are examples of spiders requesting tarball creation.  This is unnecessary and a waste of resources.  We should make it not possible.  We already have <code>rel=nofollow</code> but that apparently isn't working. I think the best solution is to require the URL to be a POST.</p>
<div class="codehilite"><pre><span class="s">&quot;GET /p/z-i/code-0/208/tarball HTTP/1.0&quot;</span> <span class="mi">200</span> <span class="mi">16400</span> <span class="s">&quot;-&quot;</span> <span class="s">&quot;Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)&quot;</span>
<span class="s">&quot;GET /p/jhotdraw/svn/729/tarball HTTP/1.0&quot;</span> <span class="mi">200</span> <span class="mi">17834</span> <span class="s">&quot;-&quot;</span> <span class="s">&quot;msnbot/0.01 (+http://search.msn.com/msnbot.htm)&quot;</span>
<span class="s">&quot;GET /p/fourpane/git4pane/ci/ec65df3a5ff2ec7be011c0722286e766c2b76d94/tarball HTTP/1.0&quot;</span> <span class="mi">200</span> <span class="mi">18137</span> <span class="s">&quot;-&quot;</span> <span class="s">&quot;Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http://www.majestic12.co.uk/bot.php?+)&quot;</span>
<span class="s">&quot;GET /u/lluct/me722-cm/ci/0aa649648a00979ad6ca9e9d61df4e44eb694259/tarball?path=/external/clang HTTP/1.0&quot;</span> <span class="mi">200</span> <span class="mi">17918</span> <span class="s">&quot;-&quot;</span> <span class="s">&quot;YisouSpider&quot;</span>
</pre></div>
<hr />
<p>Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to <a href="https://sourceforge.net/p/allura/tickets/">https://sourceforge.net/p/allura/tickets/</a></p>
<p>To unsubscribe from further messages, a project admin can change settings at <a href="https://sourceforge.net/p/allura/admin/tickets/options.">https://sourceforge.net/p/allura/admin/tickets/options.</a>  Or, if this is a mailing list, you can unsubscribe from the mailing list.</p></div>
--===============6377937189874436259==--

--===============5660432398249352117==--